Configure security group rules for the Kafka cluster to specify the public IP addresses
that are allowed to access the Kafka cluster. This helps you protect the Kafka cluster
when it is connected to the public network. You can log on to the EMR console to check
the security group of the Kafka cluster, use the security group ID to find the security
group in the ECS console, and then configure rules. View details

In the Services list on the Clusters and Services page, choose Kafka > Configuration. In the Service Configuration section, set the value of the kafka.public-access.enable parameter to true.

Restart the Kafka service.

Use the EIP of the cluster and port 9093 to connect to the Kafka cluster.

Versions before V3.11.X

Access Kafka from a VPC network.

You need to modify the host configuration on your client for the Kafka cluster nodes.
Note: You need to configure the long domains of the Kafka cluster nodes on the client to avoid connection failures. Example:

By default, core nodes of a Kafka cluster cannot be accessed from the public network.
You can perform the following steps to access a Kafka cluster from the public network.

Enable communication between the Kafka cluster and the client in the public network.

To connect to a Kafka cluster deployed in a VPC network, use the following methods:

Connect to the EIP of a core node in the Kafka cluster. The follow steps describe
how to use this method to access Kafka.

Use Express Connect to enable the connection between the VPC network and the public
network. For more information, see Express Connect.

In the VPC console, purchase EIPs. The number of purchased EIPs equals the number of core nodes in the
Kafka cluster.

Configure security group rules for the Kafka cluster to specify the public IP addresses
that are allowed to access the Kafka cluster. This helps you protect the Kafka cluster
when it is connected to the public network. You can log on to the EMR console to check
the security group of the Kafka cluster, use the security group ID to find the security
group in the ECS console, and then configure rules. View details

In the Service Configuration section, set the value of the listeners.address.principal parameter to HOST. Restart the Kafka cluster.